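<?php
// Full open tag: with short_open_tag disabled, "<?" is not parsed and this
// whole file (including the access checks below) would be sent as plain text.
session_start();
require_once('../functions.php');

// ---- Authentication gate ---------------------------------------------------
// Each request to the admin area must carry a session holding a user name and
// the credential value recorded for that session. Presence is checked first so
// that an unset value can never take part in the comparison below.
$sessUser = isset($_SESSION["user"]) ? $_SESSION["user"] : null;
$sessPass = isset($_SESSION["pass"]) ? $_SESSION["pass"] : null;

if ($sessPass === null) {
	log_write('user', 'Possible hack attempt detected', 'No password specified for user: '.$sessUser);
	die('HACK ATTEMPT: This attempted hack has been logged along with your IP');
}

// NOTE(review): assumes check() returns the stored credential for the user as
// a string - confirm in functions.php. The comparison is strict on purpose:
// the loose "!=" used before treats values such as "0e1234" and "0e5678"
// (or null and "") as equal. hash_equals() is used where the runtime has it.
$storedPass = check($sessUser);
if (is_string($storedPass) && is_string($sessPass)) {
	$passOk = function_exists('hash_equals')
		? hash_equals($storedPass, $sessPass)
		: ($storedPass === $sessPass);
} else {
	$passOk = false;
}

if (!$passOk) {
	log_write('user', 'Possible hack attempt detected', 'Incorrect password specified for user');
	die('HACK ATTEMPT: This attempted hack has been logged along with your IP');
}

// ---- Authorisation gate ----------------------------------------------------
// Only administrators may continue. A missing role is treated as "not admin".
// NOTE(review): the role is read from the session, so a role change made after
// login is not seen until the user logs in again - confirm this is intended.
if (!isset($_SESSION["power"]) || $_SESSION["power"] !== 'Administrator') {
	log_write('admin', $sessUser.' has attempted to access the Admin area', 'Security Breach');
	header("Location: /");
	exit;
}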
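/**
 * Build the HTML for the admin landing page: welcome text, PHP/cURL details,
 * oPanel version and licence details, and (when relevant) a licensing notice.
 *
 * Reads the global $ver_full and the $_SESSION['oPinfo'] array (keys LATESTVER,
 * LICETYPE, REG_TO, SUPPORTENDS). Every one of those values is HTML-escaped
 * before output, because none of them is produced by this file.
 *
 * @return string HTML fragment for the page body.
 */
function main() {
	global $ver_full;

	// Missing keys are treated as empty strings rather than raising notices.
	$info = (isset($_SESSION['oPinfo']) && is_array($_SESSION['oPinfo'])) ? $_SESSION['oPinfo'] : array();
	$latestVer   = isset($info['LATESTVER'])   ? (string) $info['LATESTVER']   : '';
	$liceType    = isset($info['LICETYPE'])    ? (string) $info['LICETYPE']    : '';
	$regTo       = isset($info['REG_TO'])      ? (string) $info['REG_TO']      : '';
	$supportEnds = isset($info['SUPPORTENDS']) ? (string) $info['SUPPORTENDS'] : '';
	$currentVer  = (string) $ver_full;

	$curlText = function_exists('curl_version') ? 'True' : 'false';

	$html = "<fieldset><legend>Admin Area</legend>Welcome to the first oPanel administration area.<br />
				Here you can control the oPanel file manager, or view the security logs it's created.</fieldset><br />";
	$html .= '<fieldset><legend>System Information</legend>Below is some useful information about your system:<br />
				<table width="150" border="0" cellspacing="0" cellpadding="0">
					<tr>
					    <th scope="row">PHP Version </th>
					    <td>'.htmlspecialchars(phpversion(), ENT_QUOTES).'</td>
					</tr>
					<tr>
					    <th scope="row">cURL Support </th>
					    <td>'.$curlText.'</td>
					</tr>
				</table>
				</fieldset><br /><fieldset><legend>oPanel Information</legend>
				<table width="250" border="0" cellspacing="0" cellpadding="0">
					<tr>
					    <th scope="row">oPanel Version</th>
					    <td>'.htmlspecialchars($currentVer, ENT_QUOTES).'</td>
					</tr>
					<tr>
					    <th scope="row">Lastest oPanel Version</th>
					    <td>'.htmlspecialchars($latestVer, ENT_QUOTES).'</td>
					</tr>
					<tr>
					    <th scope="row">License Type</th>
					    <td>'.htmlspecialchars($liceType, ENT_QUOTES).'</td>
					</tr>
					<tr>
					    <th scope="row">Registered To</th>
					    <td>'.htmlspecialchars($regTo, ENT_QUOTES).'</td>
					</tr>
				</table><p>';

	// version_compare() orders "1.9" before "1.10"; the plain "<" operator
	// compares such strings as floats and gets that case wrong.
	if (version_compare($currentVer, $latestVer, '<')) {
		$html .= '<font color="red">An update for oPanel is avaliable</font>';
	} else {
		$html .= '<font color="green">Your version of oPanel is up to date</font>';
	}
	$html .= '</p></fieldset>';

	if ($liceType == 'Free Trial') {
		// Time left = expiry minus now. strtotime() already yields a timestamp.
		$expires = strtotime($supportEnds);
		if ($expires !== false) {
			$remaining = $expires - time();
			if ($remaining > 0) {
				$days = (int) floor($remaining / 86400);   // 86400 seconds per day
				$remaining -= $days * 86400;
				$hours = (int) floor($remaining / 3600);
				$remaining -= $hours * 3600;
				$minutes = (int) floor($remaining / 60);
				$remaining -= $minutes * 60;
				$msg = 'Your free trial will expire in '.$days.' days, '.$hours.' hours, '.$minutes." minutes, and $remaining seconds";
			} else {
				$msg = '<font color="red">Your free trial has expired.</font>';
			}
		}
	} elseif ($supportEnds < date("Y-m-d H:i:s")) {
		// NOTE(review): string comparison - only meaningful if SUPPORTENDS is
		// stored as "Y-m-d H:i:s"; confirm against whatever fills oPinfo.
		$msg = '<font color="red">Your oPanel support term has expired.<br />Please purchase a support extension from support.theopanel.net.</font>';
	}

	if (isset($msg)) {
		$html .= '<br /><fieldset><legend>oPanel Licensing and Support</legend>'.$msg.'</fieldset>';
	}
	return $html;
}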
// Every admin view is selected through ?page=...; stop here when it is absent.
if (isset($_GET['page'])) {
	$page = $_GET['page'];
} else {
	die('ERROR: No page has been selected');
}
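// Dispatch on the requested admin view. Each case either echoes a fragment
// directly or includes the script that renders it. The include targets are all
// fixed literals; no request value is ever used to build an include path.
switch($page) {

    case "main":
      echo main();
    break;
	
	case "listusr":
echo '<fieldset><legend>Information</legend>Editing of your own user
 account is disallowed as it will cause problems with your current oPanel Session</fieldset>
<br />
<fieldset><legend>User List</legend>All Users are listed below.
<table style=\'width: 100%; border: 0px; padding:0px\' cellspacing=\'0\'>';
		$lines = scandir(USERS_PATH);
		if ($lines === false) {
			$lines = array();   // unreadable directory: render an empty table
		}
		foreach ($lines as $line) {
			// Only regular "*.opuf" files are user accounts.
			if ($line == "." || $line == ".." || is_dir(USERS_PATH.$line)) {
				continue;
			}
			if (strrchr($line, '.') != ".opuf") {
				continue;
			}
			// Strip only the trailing extension; str_replace() would also remove
			// ".opuf" from the middle of a name and then read the wrong file.
			$file = substr($line, 0, -5);

			// Names and file contents were written elsewhere, so they are escaped
			// for the context they land in. rawurlencode() leaves ordinary
			// alphanumeric names unchanged and keeps quotes out of the JS string.
			// NOTE(review): assumes showContent() places its argument in a URL
			// query string - confirm in the front-end script.
			$safeName  = htmlspecialchars($file, ENT_QUOTES);
			$nameParam = htmlspecialchars(rawurlencode($file), ENT_QUOTES);

			if ($file != $_SESSION["user"]) {
				$editUser = '<td class=\'content\'><a href="javascript:showContent(\'editusr&name='.$nameParam.'\')">Edit user</a></td>';
			} else {
				$editUser = '';
			}

			$usr = file_get_contents(USERS_PATH.$line);
			// A user file without an IP entry simply shows an empty value.
			$Lip = (is_string($usr) && preg_match('/IP="(.*)"/', $usr, $IP)) ? $IP[1] : '';
			$up = power($file);
			echo '
<tr>
	<td class=\'title\'>'.$safeName.'</td>
	<td class=\'content\'>'.htmlspecialchars((string) $up, ENT_QUOTES).'</td>
	<td class=\'content\'>Last IP: '.htmlspecialchars($Lip, ENT_QUOTES).'</td>
	'.$editUser.'
	<td height="23"><a href="javascript:showContent(\'delusr&name='.$nameParam.'\')">Delete user</a></td>
</tr>';
		} // end foreach
echo '</table></fieldset>';
	break;
	
	case "addusr":
	$userpath=''.USERS_PATH;
 include('adduser.php');
	break;
	
	case "banList":
		include('ban_admin.php');
	break;
	
	case "aban_setup":
		include('absconfig.php');
	break;
	
	case "usr_setup": 
	echo <<<TLD
<form name="changSet" method="post">
								<fieldset>
        		 	                <legend>User Account Settings</legend>
        		 	                <table style='width: 100%; border: 0px; padding:0px' cellspacing='0' height="71">
										<tr>
            		 	                    <td class='title'>Users can delete 
											files:</td>
            		 	                    <td class='content'>
												<input type="radio" value="true" checked name="del"> Yes											</td>
											<td class='content'>
											<input type="radio" value="false" name="del"> No											</td>
            		 	                	<td height="23">&nbsp;</td>
										</tr>
										<tr>
            		 	                    <td class='title'>Users can 
											edit files:</td>
            		 	                    <td class='content'>
												<input type="radio" value="true" checked name="edit"> Yes											</td>
											<td class='content'>
											<input type="radio" value="false" name="edit"> No											</td>
            		 	                	<td height="23">&nbsp;</td>
										</tr>
										<tr>
            		 	                    <td class='title'>Users can rename 
											files:</td>
            		 	                    <td class='content'>
												<input type="radio" value="true" checked name="rename"> Yes											</td>
											<td class='content'>
											<input type="radio" value="false"  name="rename"> No											</td>
            		 	                	<td height="23">&nbsp;</td>
										</tr>
										<tr>
            		 	                    <td class='title'>Users can 
											copy files:</td>
            		 	                    <td class='content'>
												<input type="radio" value="true" checked name="copy"> Yes											</td>
											<td class='content'>
											<input type="radio" value="false" name="copy"> No											</td>
            		 	                	<td height="23">&nbsp;</td>
										</tr>
										<tr>
            		 	                    <td class='title'>Users can 
											move files:</td>
            		 	                    <td class='content'>
												<input type="radio" value="true" checked name="move"> Yes											</td>
											<td class='content'>
											<input type="radio" value="false" name="move"> No											</td>
            		 	                	<td height="23">&nbsp;</td>
										</tr>
										<tr>
            		 	                    <td class='title'>Users can upload 
											files:</td>
            		 	                    <td class='content'>
												<input type="radio" value="true" checked name="upload"> Yes											</td>
											<td class='content'>
											<input type="radio" value="false"  name="upload"> No											</td>
            		 	                	<td height="23">&nbsp;</td>
										</tr>
										<tr>
            		 	                    <td class='title'>Confirm your admin password:</td>
            		 	                    <td class='content' colspan="2"><input type='password' class='sql_form' name='password'></td>
            		 	                	<td height="24">&nbsp;</td>
										</tr>
            		 	            </table>
<input type="button" class="nButton" name="addUsr" onClick="javascript:changeSet('admin/setup.php','POST');" value="Update settings" />
            		 	        </fieldset>
TLD;
	break;

	case "logs": 
		$logFile = LOGS_PATH.'admin.log';
		// Only the exact value used by the link below empties the log; the old
		// loose "== true" test also fired for values such as "false".
		// NOTE(review): this wipes the audit trail from a plain GET request with
		// no anti-CSRF token, and the wipe itself is not recorded anywhere.
		// Consider requiring a POST with a token and logging who emptied it.
		if (isset($_GET['empty']) && $_GET['empty'] === 'true') {
			$handle = fopen($logFile, 'w');   // mode "w" truncates the file
			if (!$handle) {
				die('Cannot open file (admin.log)');
			}
			fclose($handle);
		}
		echo '<fieldset><legend>oPanel Secuirty Logs</legend><pre>';
		// The log is data, never code: it is read and HTML-escaped rather than
		// include()d, because include would run any PHP that reached the file
		// through a logged value.
		// NOTE(review): if log_write() stores intentional markup it will now be
		// shown literally - escape at write time there instead if so.
		$logText = file_get_contents($logFile);
		if ($logText !== false && $logText != '') {
			$escFlags = defined('ENT_SUBSTITUTE') ? (ENT_QUOTES | ENT_SUBSTITUTE) : ENT_QUOTES;
			echo htmlspecialchars($logText, $escFlags);
			echo '</pre></fieldset><br /><fieldset><center><a href="javascript:showContent(\'logs&empty=true\')">Click here to empty security logs</a></center></fieldset>';
		} else {
			// Close the elements opened above in the empty case as well.
			echo 'The secuirty logs are empty.</pre></fieldset>';
		}
	break;
		
	case "support": 
		//add a support ticket to OlliesPage.net Support system (TalkBack)
	if(!($_SESSION['oPinfo']['SUPPORTENDS'] < date("Y-m-d H:i:s"))) { // add Support inc.s here
echo '<fieldset><legend>Information</legend>This feature has been disabled during this BETA due to incompletion.</fieldset>';
	} else { echo '<fieldset><legend>oPanel Licensing and Support</legend><font color="red">Your oPanel support term has expired therefore this area of the administration section has been disabled.<br />
Please purchase a support extension from support.theopanel.net.</font></fieldset>'; }
	break;
	
	case "bugRep": 
		// Escaped before it is placed inside the value="..." attribute below.
		$regTo = htmlspecialchars(
			isset($_SESSION['oPinfo']['REG_TO']) ? (string) $_SESSION['oPinfo']['REG_TO'] : '',
			ENT_QUOTES
		);
		echo <<<TYT
					<form name="addUser" action="" method="post">
								<fieldset>
        		 	                <legend>Report a bug</legend>
        		 	                <table style='width: 100%; border: 0px; padding:0px' cellspacing='0' height="74">
										<tr>
            		 	                    <td class="title">Name:</td>
            		 	                    <td height="24" class='content'><input type='text' class='sql_form' name='name' value="{$regTo}" readonly="readonly" /></td>
           		 	                	</tr>
										<tr>
            		 	                    <td class="title">Subject:</td>
            		 	                    <td height="24" class='content'><input type='text' class='sql_form' name='subject' /></td>
           		 	                	</tr>
										<tr>
            		 	                    <td height="24" colspan="2"><span class="title">Details:</span><br /><textarea name="details" style="width: 100%; height: 200px;"></textarea></td>
           		 	                    </tr>
            		 	            </table>
<input type="button" class="nButton" name="addUsr" onClick="javascript:repBug('admin/bugs.php','POST');" value="Report the bug" />
            		 	        </fieldset></form>
TYT;
	break;

	case "editusr":
 include('edituser.php');
	break;

	case "delusr":
		// The name arrives from the query string and ends up in a filesystem
		// path, so it must be a bare file name: no separators, no dot entries,
		// no NUL byte. Anything else is refused before unlink() is reached.
		// NOTE(review): deletion is triggered by a plain GET request with no
		// anti-CSRF token; consider requiring a POST with a token.
		$name = (isset($_GET['name']) && is_string($_GET['name'])) ? $_GET['name'] : '';
		$nameOk = $name !== ''
			&& $name !== '.'
			&& $name !== '..'
			&& strpbrk($name, "/\\\0") === false
			&& $name === basename($name);

		$file = USERS_PATH.$name.".opuf";
		// Report success only when a real account file was actually removed.
		if ($nameOk && is_file($file) && unlink($file)) {
			echo '<fieldset><legend>User Account Deleted</legend>'.htmlspecialchars($name, ENT_QUOTES).'\'s account has been deleted and their oPanel access has been discontinued immediatly.<br /><a href="javascript:showContent(\'listusr\')">Click here to go back</a></fieldset>';
		} else {
			echo '<fieldset><legend>Error</legend>The requested user account could not be deleted.<br /><a href="javascript:showContent(\'listusr\')">Click here to go back</a></fieldset>';
		}
	break;
	
	case "update":
		include('../update/updater.php');
	break;
	
	case "lice_adm":
		include('liceadm.php');
	break;

	default:
	echo "Page not recognised!";
}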
?> 